4d6fb5f4cc66ddc5450e2535af0e77c0_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

4d6fb5f4cc66ddc5450e2535af0e77c0_NeikiAnalytics
Size

410KB
MD5

4d6fb5f4cc66ddc5450e2535af0e77c0
SHA1

8e77c41f5e43d74eea1b4bca95ac527a4bac3148
SHA256

1dc8721d236222975a88065cd5780a29fe87fd102bf40b2c91ecf759ef97f76c
SHA512

096ae088c0acd381cbf6b3db3a56fb2e0c18088ec0ac8f92700483394fdc24484cedbdcc0b66fddd06b2c2fc9337ceedbdf07a863ad1cc6c92b951a3c54e9d34
SSDEEP

6144:ILhN4GJjh7u8/1hgE5l97AlfZxuazFwmR:ILhN4GJjFu89hgEJAlft

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d6fb5f4cc66ddc5450e2535af0e77c0_NeikiAnalytics

Files

4d6fb5f4cc66ddc5450e2535af0e77c0_NeikiAnalytics
.dll windows:5 windows x86 arch:x86

f35802c5b4c983304b2892d7d96b4f0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\src\wix38\build\ship\x86\wixca.pdb

Imports

msi

ord121
ord8
ord17
ord125
ord47
ord64
ord80
ord103
ord34
ord171
ord74
ord73
ord145
ord120
ord118
ord116
ord143
ord26
ord166
ord163
ord160
ord159
ord162
ord32
ord124
ord49
ord51
ord119

advapi32

RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
LookupAccountSidW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
BuildTrusteeWithSidW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
ChangeServiceConfig2W
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceConfig2W
RegCloseKey
RegOpenKeyExW
CreateWellKnownSid
LookupAccountNameW

user32

DispatchMessageW
PostMessageW
DefWindowProcW
PostQuitMessage
RegisterClassW
UnregisterClassW
CreateWindowExW
IsWindow
TranslateMessage
GetMessageW
GetSystemMetrics
SendMessageTimeoutW
EnumWindows
GetWindowThreadProcessId
IsDialogMessageW

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetConsoleCP
GetConsoleMode
OutputDebugStringW
SetStdHandle
GetModuleFileNameA
RtlUnwind
LoadLibraryExW
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
GetFileType
GetStdHandle
GetModuleHandleExW
DecodePointer
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetWindowsDirectoryW
OpenProcess
TerminateProcess
GetLastError
SetLastError
CloseHandle
FreeLibrary
GetProcAddress
LocalFree
GetVersionExW
FindClose
FindFirstFileW
FindNextFileW
lstrcmpW
GetCurrentProcess
FormatMessageW
lstrcmpiW
WriteFile
GetTempPathW
CreateFileW
CreateThread
SetEvent
WaitForMultipleObjects
CreateEventW
Sleep
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetCurrentProcessId
SetFilePointer
LoadLibraryW
WriteConsoleW
GetSystemDirectoryW
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetExitCodeProcess
WaitForSingleObject
DuplicateHandle
CreatePipe
GetModuleHandleW
CreateProcessW
GetPriorityClass
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalAlloc
GlobalFree
GetFileSizeEx
ReadFile
SetFilePointerEx
GetFileTime
SetFileTime
ExpandEnvironmentStringsW
GetFullPathNameW
SetFileAttributesW
DeleteFileW
InterlockedIncrement
InterlockedDecrement
GetProcessTimes
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleFileNameW
GetFileAttributesW
ExitProcess
GetModuleHandleA
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
GetTickCount
FlushFileBuffers

Exports

Exports

CAQuietExec
CAQuietExec64
CommitCAScriptCleanup
ExecSecureObjects
ExecSecureObjectsRollback
ExecServiceConfig
ExecXmlConfig
ExecXmlConfigRollback
ExecXmlFile
ExecXmlFileRollback
RollbackServiceConfig
SchedSecureObjects
SchedSecureObjectsRollback
SchedServiceConfig
SchedXmlConfig
SchedXmlFile
WixCheckRebootRequired
WixCloseApplications
WixCloseApplicationsDeferred
WixCreateInternetShortcuts
WixExitEarlyWithSuccess
WixFailWhenDeferred
WixQueryOsDirs
WixQueryOsDriverInfo
WixQueryOsInfo
WixQueryOsWellKnownSID
WixRegisterRestartResources
WixRemoveFoldersEx
WixRollbackInternetShortcuts
WixSchedInternetShortcuts
WixShellExec
WixShellExecBinary
WixWaitForEvent

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f35802c5b4c983304b2892d7d96b4f0d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

advapi32

user32

oleaut32

shell32

ole32

version

kernel32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 3KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 3KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB